Privacy Policy
1. Controller
BEROTEC GmbH
Gewerbestr. 13, 75057 Kürnbach, Germany
Phone: +49 7258 2009090
E-Mail: kontakt@berotec.de
No data protection officer is required for this website (shop.berotec.de).
2. Purposes of Processing and Legal Bases
2.1 Provision of the Website / Server Logs
When you visit our website, technical data is processed automatically (IP address, date and time of the request, URL accessed, referrer, HTTP status code, volume of data transferred, browser, operating system). This processing is technically necessary to provide the website and to ensure its stability and security. The legal basis is Art. 6(1)(f) GDPR. Log data is generally deleted or anonymised within 7 days at the latest.
2.2 Cookies and Consent Management
We use essential cookies that are required for the operation of the online shop (e.g. shopping cart, login, security). These cookies fall within the scope of § 25(2) TTDSG. All other cookies (statistics, marketing) are only set if you grant your consent in the EU Cookie – Consent Manager for JTL-Shop.
Legal bases:
– Essential cookies: Art. 6(1)(f) GDPR in conjunction with § 25(2) TTDSG
– Statistics and marketing cookies: Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG
You can change or withdraw your consent in the Consent Manager at any time with effect for the future.
2.3 Customer Account (optional)
If you create a customer account, we process your e-mail address and the data you provide in order to manage the account and display your orders. The legal basis is Art. 6(1)(a) GDPR. You can delete the account at any time in the shop; inactive accounts are deleted regularly after 14 months.
2.4 Order and Contract Fulfilment
To process orders we process in particular name, billing and delivery address, e-mail address, optionally telephone number, ordered products, and payment and shipping information. Processing is necessary for the performance of the contract (Art. 6(1)(b) GDPR).
Data is transferred, where necessary, to shipping service providers (e.g. DHL, DHL Express, DPD) for delivery and shipment tracking. In addition, commercial and tax-law retention obligations of 6 to 10 years apply (Art. 6(1)(c) GDPR).
2.5 Payment Processing
Depending on the payment method selected, we process payment data (e.g. IBAN, masked card data, transaction ID) to execute the payment. The legal bases are Art. 6(1)(b) and (f) GDPR. Among the payment service providers we use is:
- PayPal (Europe) S.à r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg – Privacy notice: www.paypal.com/en/webapps/mpp/ua/privacy-full
2.6 Contact
If you contact us by e-mail or via a contact form, we process your details (e.g. name, e-mail address, content of the message) to handle the enquiry and for any follow-up questions. The legal bases are Art. 6(1)(a), (b) and (f) GDPR. Enquiries are regularly deleted once communication is concluded.
2.7 Embedded Content
YouTube: We embed videos in enhanced privacy mode. Google only receives information when you actively play a video. The provider is Google Ireland Limited, Dublin. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG.
Social Media: Links to our social media profiles are embedded as simple hyperlinks. No automatic data transfer takes place when you visit our website.
2.8 Statistics (Google Analytics 4)
With your consent, we use Google Analytics 4 to analyse website usage. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG. IP addresses are only processed in truncated form. Data transfers to the USA are carried out on the basis of the EU–US Data Privacy Framework and standard contractual clauses.
2.9 Marketing (Google Ads)
With your consent, we use Google Ads conversion tracking. The legal basis is Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG.
2.10 Review Reminder Emails
When you purchase a product in our shop, we send you an e-mail approximately 10 days later asking you to review the purchased product. This processing is carried out on the basis of our legitimate interest in improving our products and services, and in advertising communication pursuant to § 7(3) UWG (German Act Against Unfair Competition) and Art. 6(1)(f) GDPR.
You may object to receiving review reminder e-mails at any time, without incurring any costs other than transmission costs at basic rates.
2.11 Newsletter (Brevo)
You can subscribe to our newsletter during checkout or in the footer of our online shop. Registration is carried out using the double opt-in procedure.
For sending the newsletter, we use Brevo (Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin). Data is stored on servers in Germany. We have concluded a data processing agreement with Brevo pursuant to Art. 28 GDPR.
Upon registration we process: e-mail address, optionally name, as well as IP address and the time of registration and confirmation, to document consent. The legal basis is Art. 6(1)(a) GDPR.
You can withdraw your consent at any time via the unsubscribe link in the newsletter or by e-mail. The lawfulness of processing carried out prior to withdrawal remains unaffected. Your data will be deleted from the mailing list upon unsubscription. Your e-mail address may subsequently be stored in a blacklist to prevent future mailings (Art. 6(1)(f) GDPR). You may object to blacklist storage at any time.
Further information: www.brevo.com/en/legal/privacypolicy
3. Recipients and Service Providers
Recipients of personal data may include in particular:
- IT and hosting service providers (e.g. JTL-Software-GmbH for shop hosting, WNM GmbH for merchandise management/server operations)
- Payment service providers (e.g. PayPal)
- Shipping service providers (e.g. DHL, DHL Express, DPD)
- Analytics and marketing providers (Google, only with consent)
- Authorities and public bodies, where required by law
- Newsletter service providers (Brevo / Sendinblue GmbH, Germany)
We conclude data processing agreements with service providers pursuant to Art. 28 GDPR where they process data on our behalf.
4. Your Rights
Under the GDPR you have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
Consent may be withdrawn at any time with effect for the future.
You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the LfDI Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, www.baden-wuerttemberg.datenschutz.de.
5. Data Security
We use TLS encryption, role-based access control concepts, access restrictions, backups and regular security updates to protect your data.
6. Cookies in Detail
The cookies currently used in the online shop are listed below:
| Cookie | Provider / Domain | Purpose | Storage duration | Legal basis |
|---|---|---|---|---|
| JTLSHOP | shop.berotec.de | Session cookie for shopping cart, language and basic shop functions | Session | § 25(2) TTDSG / Art. 6(1)(f) GDPR |
| jtl_token | shop.berotec.de | CSRF protection and form security | Session | § 25(2) TTDSG / Art. 6(1)(f) GDPR |
| consent_manager | shop.berotec.de | Stores your selection in the cookie consent banner | 1 year | Art. 6(1)(c) and (f) GDPR |
| _ga, _ga_* | .berotec.de (Google Analytics) | Distinguishing users and sessions, statistics on page views | up to 2 years | Art. 6(1)(a) GDPR / § 25(1) TTDSG |
| _gcl_au | .berotec.de (Google Ads) | Conversion tracking for Google Ads campaigns | approx. 3 months | Art. 6(1)(a) GDPR / § 25(1) TTDSG |
7. Current Version
Last updated: February 2026. The current version of this privacy policy is available on this page at all times.
